package cn.easier.activity.console.configration;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    /**
     * 应用路径
     */
    @Value("${metadata.configuration.application-path}")
    public String applicationPath;

    @Override
    public void configure(WebSecurity web) throws Exception {
        //忽略css.jq.img等文件
        web.ignoring().antMatchers("/login.html", "/jquery-1.9.1.min.js", "/vue.js", "/admin-login-bg.0da2737.jpg");
//        web.ignoring().antMatchers("/login.html", "/**.css", "/img/**", "/**.js", "/**.jpg");
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().disable()//HTTP with Disable CSRF
//                .authorizeRequests() //Authorize Request Configuration
//                .antMatchers("/sign-in").permitAll() //放开"/api/**"：为了给被监控端免登录注册并解决Log与Logger冲突
//                .and()
                .authorizeRequests()
                .antMatchers("/**").access("hasRole('USER_ADMIN') or hasRole('USER_SELF') or hasRole('USER_SUPERADMIN')")  //USER_SELF自动添加"ROLE_"前缀
                .and().authorizeRequests().antMatchers(
                "/",
                "/activityMessage/**",
                "/activity/info/prize/couponCode/**",
                "/activity/guess/**",
                "/periodicalMessage/**",
                "/activity/activityInfoId/**",
                "/activity-web/**",
                "/activity/info/**",
                "/periodicalMessage/**").permitAll()
                .and() //Login Form configuration for all others
                .formLogin()
                .loginPage(applicationPath + "/login.html")
                .loginProcessingUrl("/login") //登录没有重定向，所以还是https协议
                .failureUrl(applicationPath + "/login.html?error=true").permitAll()
                .defaultSuccessUrl(applicationPath + "/index.html")
                .and().logout().logoutUrl("/activity/console-user/login-out").deleteCookies("JSESSIONID").clearAuthentication(true).invalidateHttpSession(true).logoutSuccessUrl(applicationPath + "/login.html").permitAll()
                .and()
                .httpBasic();
//        http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
    }
}
